Last week, Microsoft posted a hotfix for a problem users first reported in mid-May. Users of Symantec's consumer security software said that after updating their PCs to XP SP3, a bug emptied Windows' Device Driver and deleted network connections.

Although Symantec initially blamed Microsoft for the snafu, it later accepted some responsibility. In late May, Symantec acknowledged that Microsoft's updating process and a security feature in its own Norton-branded software combined to swamp the Windows registry with hundreds, sometimes thousands, of bogus and corrupted keys. That security feature, dubbed "SymProtect" by Symantec, was designed to protect the company's security software from attack by guarding against unauthorized changes to the registry.

Although Microsoft had previously declined to comment on the episode, the support document that accompanied the hotfix fingered Symantec's software. "This problem occurs when the Fixccs.exe process is called during the Windows XP SP3 installation," said Microsoft. "This process creates some intermediate registry subkeys, and it later deletes these subkeys. In some cases, some anti-virus applications may not let the Fixccs.exe process delete these intermediate registry subkeys."

The hotfix replaces the Fixccs.exe file with an updated version, but it can only be applied if the user has booted into Windows' Safe Mode, according to the support document.

Symantec has contended that other security software with registry-change monitoring defenses also caused similar problems for users updating to Windows XP SP3, but there have been few reports logged to Microsoft's support forums. Microsoft, however, intimated that Symantec might not be alone when it used the generic, and plural, "some antivirus applications" in its explanatory document.